NotesFAQContact Us
Search Tips
Back to results
ERIC Number: ED558680
Record Type: Non-Journal
Publication Date: 2013
Pages: 129
Abstractor: As Provided
ISBN: 978-1-3032-7073-4
Secure Cooperative Data Access in Multi-Cloud Environment
Le, Meixing
ProQuest LLC, Ph.D. Dissertation, George Mason University
In this dissertation, we discuss the problem of enabling cooperative query execution in a multi-cloud environment where the data is owned and managed by multiple enterprises. Each enterprise maintains its own relational database using a private cloud. In order to implement desired business services, parties need to share selected portion of their information with one another. We consider a model with a set of authorization rules over the joins of basic relations, and such rules are defined by these cooperating parties. The accessible information is constrained by these rules. It is assumed that the rest of the information is well protected but those mechanisms are not addressed here. It is expected that the authorization rules are formulated based on business needs and agreements, and may suffer from several issues. First, the rules may be inconsistent in that they release more information than the parties may realize or agree to. We formalize the notion of consistency of authorization rules and devise an algorithm to augment rules to maintain rule consistency. We also consider the possibility of occasional changes in authorization rules and address the problem of maintaining consistency in the face of such changes. We propose algorithms for both changes with new privileges grants and revocations on existing privileges. Instead of augmentation, conflicts may be resolved by introducing negative rules. We discuss the mechanism to check if the negative rules can be violated and the possible way of enforcing them. The second issue is that the parties may possess inadequate access to basic data to implement the operations required for providing the stated access to the composed data. In other words, the rules cannot be enforced or implemented in reality. Therefore, we propose an algorithm to systematically check the enforceability for each given authorization rule in order to determine the set of queries that can be safely executed. We also present mechanisms to generate a query execution plan which is consistent with the authorization rules for each incoming authorized query. Since finding the optimal query plan can be very expensive, our algorithm attempts to find good query plans using a greedy approach. We show that the greedy approach provides plans that are very close to optimal but can be obtained with a far lower cost. The third issue to consider is handling of situations where rules cannot be enforced among existing parties. For this, we propose the introduction of trusted third parties to perform the expected operations. Since interactions with the third party can be expensive and there maybe risk of data exposure/misuse, while the data is held by third party, it is important to minimize their use. We define a cost model and formulate the minimization problem. We show that this problem is NP-hard, so we use greedy algorithms to generate solutions. With extensive simulation evaluations, the results show the effectiveness of our approach. Furthermore, we discuss different types of third parties, and the need for multiple third parties. We examine the problem of how to use minimal number of third parties to meet the given security requirements. This problem thus out to be strongly related to the graph coloring problems. We propose some heuristics to find near optimal answers. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page:]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site:
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A